HIMSS Analytics: Compliance Prioritization Puts Patient Data at Risk

June 13, 2013
According to a new report from HIMSS Analytics, the Chicago-based research arm of the Healthcare Information Management and Systems Society (HIMSS), a focus on the regulations and guidelines governing data security in healthcare is not resulting in increased security. The study, called The 2012 HIMSS Analytics Report: Security of Patient Data, says data breaches have risen over the last six years even with tight regulatory activity and compliance surrounding reporting and auditing procedures.

The report indicated that healthcare industry professionals feel more prepared than ever to confront data security risks, giving themselves a 6.40 rating on a scale of one to seven (with one being "not at all prepared" and seven being "extremely prepared"), as compared to 6.06 in 2010 and 5.88 in 2008. Yet despite this, a growing 27 percent of respondents reported a security breach during that same time period (up from 19 percent in 2010 and 13 percent in 2008). Furthermore, 69 percent experienced more than one, indicating that increased preparedness is not synonymous with increased security.

According to the report, human error remains the greatest threat to healthcare data security. In 2012, 79 percent of respondents reported that a security breach was perpetrated by an employee. Fifty-six (56) percent of respondents indicated that the source of a reported breach was unauthorized access to information by an individual employed by the organization at the time of the breach.  

Mobility is also a cause of increased data breaches, according to the report. Thirty-one (31) percent of respondents indicated that information available on a portable device was among the factors most likely to cause a breach (up from 20 percent in 2010 and four percent in 2008). Also, the expectations of third-party data security practices are not keeping pace with the increased outsourcing of patient data, the report says. Essentially, third-party breaches are on the rise.

The study found that 18 percent of respondents that experienced a breach in the past 12 months cited third parties as the root cause. Twenty-eight (28) percent of respondents indicated that "sharing information with external parties" is the top item that puts patient data at risk (up from 18 percent in 2010 and 6 percent in 2008).

"Healthcare organizations need to ensure that their business associates are taking every precaution to safeguard this information. We know that most security breaches often are the result of actions taken by employees, so background checks, employee training and continued monitoring of policies and procedures are steps all covered entities should ensure are taken by their business associates," Lisa Gallagher, senior director of privacy and security for the Healthcare Information and Management Systems Society (HIMSS), said in a statement.

There is also a lack of clarity on who is responsible for data security. Respondents named the HIM Director (21 percent), the CIO (19 percent), the Chief Privacy Officer, Chief Compliance Officer and CEO (12 percent for each title) and the Chief Security Officer (10 percent) as responsible, indicating that the industry has not defined one set person for the role.

The report was sponsored by Kroll (New York, N.Y.). HIMSS surveyed 250 healthcare industry professionals for this research, conducted in December 2011.
